A security researcher has publicly shared an exploit for Windows 10 that lets any threat actor with limited privileges on a vulnerable system gain admin privileges.

All Windows 10 systems running versions from before the January 2022 Patch Tuesday security update are vulnerable; Microsoft patched the bug in that update. The researcher stated in his exploit note that he chose to go public with his findings because Microsoft has reduced the bug bounty reward.

Privilege Escalation Bug in Windows 10

In the regular course of finding bugs, security researcher RyeLv spotted a crucial privilege escalation vulnerability in Windows 10, which is tracked as CVE-2022-21882. It was later found to be a bypass for the previously patched CVE-2021-1732 bug.

Regarding the just-fixed CVE-2022-21882: win32k privilege escalation vulnerability, CVE-2021-1732 patch bypass, easy to exploit, which was used by APT attacks — b2ahex (@b2ahex) January 12, 2022